That’s why we combine enterprise-grade security with regular audits to ensure you and your investors are always protected.
GP Flow's security practices cover infrastructure, people and software development.
All our data is housed within physically secure, U.S.-based Amazon Web Services (AWS) centers, which offer around-the-clock onsite security, video surveillance, and additional measures.
All data in transit to or from our system is encrypted using Transport Layer Security (TLS), while all customer data stored within our system is secured using AES-256 encryption.
Our system infrastructure is designed for fault tolerance. All our databases operate in a clustered arrangement, and the application layer scales using load-balancing technology, dynamically adapting to demand.
Access to our systems is overseen by our identity management provider, which automates user setup, enforces two-factor authentication (2FA), and records all activity.
Cybersecurity experts agree: passwords are outdated and insecure. GP Flow provides you and your investors a secure, hassle-free experience with passwordless authentication.
All servers are set up in accordance with a documented security guideline set, with image management centralized. Modifications to our infrastructure are monitored, and security incidents are accurately logged.
We have an extensive set of explicit security policies that are regularly updated to adapt to evolving security landscapes. These resources are accessible to all team members, disseminated during training sessions and via the company's internal knowledge repositor
Every team member is subject to a detailed background assessment, as well as an annual Information Security (InfoSec) training. Upon an employee's exit, we immediately disable their devices, applications, and access rights using our Identity and Mobile Device Management solutions.
Our Security Team offers constant learning opportunities about emerging security risks, conducts phishing awareness initiatives, and maintains regular communication with employees.
We have a dedicated Security Team in place, composed of highly trained professionals with a thorough understanding of the evolving cybersecurity landscape. This team oversees all aspects of our security, from policy enforcement and incident response to employee training and system checks.
Frequent in-house system intrusion tests are executed, and we work alongside trusted security organizations to conduct external intrusion tests.
Every instance of application access is recorded and reviewed. In addition, we employ a diverse range of tools to rapidly detect and neutralize threats, such as a Web Application Firewall (WAF) and a Runtime Application Self-Protection (RASP) system.
Software creation is carried out following a thoroughly documented Software Development Life Cycle (SDLC) process. Every alteration is monitored through GitHub. Automated checks guarantee that all changes are peer-reviewed and pass an array of tests prior to production deployment.
We undertake rigorous assessments to ensure that every third-party application and service provider complies with our data protection and security standards before we engage their services.
